AV-TEST Defending against Ransomware: 28 Protection Solutions Put to the Test under Windows 10


Gandalf_The_Grey

The fight against ransomware is a two-front battle waged both on home PCs and corporate workstations. How well does security software protect against these diabolical encryption attackers? In the current November test, 15 Internet security suites for consumer users and 13 solutions for corporate users showed how well they stacked up in ten realistic scenarios against an attack via e-mail, script, macro or ransomware. The Advanced Threat Protection test proves that detection of the attacker alone is not always sufficient. That is why the lab clearly spells out in the test results all the steps, from the time the attack is launched until it is fended off – or until encryption occurs.

In its series of so-called Advanced Threat Protection tests, the lab at AV-TEST put 15 well-known Internet security suites for consumer users and 13 solutions for corporate users to the test under Windows 10. In ten defined scenarios, the testers explain step-by-step how the attacks unfold and what happens in between. The evaluation clearly shows that detection of malware alone does not always protect against the consequence of partial or complete encryption.

15 well-known protection packages for consumer users from the manufacturers Avast, AVG, Bitdefender, BullGuard, F-Secure, G DATA, Kaspersky, Malwarebytes, Microsoft, Microworld, Norton, PC Matic, Protected.net, Quick Heal and VIPRE Security were put to the test.

For corporate users, 13 endpoint solutions underwent a test regimen. The products involved were from Avast, Bitdefender (two versions), Comodo, F-Secure, G DATA, Kaspersky, Malwarebytes, Microsoft, Seqrite, Sophos, Symantec and VMware.

For consumer users: the November result of the Advanced Threat Protection tests

In the Advanced Threat Protection test of the 15 Internet security solutions, 9 of the 15 packages demonstrated that they effectively protected against ransomware in actual conditions. The following products achieved the maximum protection score of 36 points in all 10 attack scenarios: Bitdefender Internet Security, F-Secure SAFE, G Data Total Security, Kaspersky Internet Security, Microsoft Defender, Microworld eScan Internet Security Suite, PC Matic, Quick Heal Total Security and VIPRE AdvancedSecurity.

While Malwarebytes Premium did identify all threats, it experienced the problem in two instances so that in the end, encryption did occur. This added up to a total protection score of 34 points instead of 36.

The packages BullGuard Internet Security, Norton 360 and Protected.net Total AV followed with 33 out of 36 points, each detecting 9 attackers. All three packages missed detection of one attacker from one scenario, and accordingly, all the files were encrypted by the ransomware.

In the final field were the protection packages from Avast and AVG, each scoring 30 out of 36 points and with 8 out of 10 attackers identified. In two cases, there was no positive detection, thus everything was encrypted.

For corporate users: the November result of the Advanced Threat Protection tests

The Advanced Threat Protection test of endpoint solutions for companies yielded even better results. In this case, even 10 out of the 13 tested business products achieved the maximum protection score of 36 points through seamless detection of all 10 attackers. It involved the solutions Bitdefender Endpoint Security, Bitdefender Endpoint Security (Ultra), Comodo Client Security, F-Secure Elements Endpoint Protection, G DATA Endpoint Protection Business, Kaspersky Endpoint Security, Microsoft Defender Antivirus, Seqrite Endpoint Security, Sophos Intercept X Advanced and VMware Carbon Black Cloud.

In two instances, Malwarebytes Endpoint Protection was able to identify the attacker, but could not stop it. As a consequence, encryption occurred at the end of both attacks. The protection score was 34 out of 36 points despite 10 out of 10 detections.

Avast Business Antivirus Pro Plus and Symantec Endpoint Security Complete detected 8 out of 10 attackers. The two that made it through undetected carried out an encryption. That is why in both cases, no points were awarded towards the protection score and the overall rating remained 30 out of a possible 36 points.
 

Gandalf_The_Grey

The difference between No. 1 and No. 15 is negligible. Would like to see AV-C do a similar test because they are more trustworthy.
The most interesting test from AV-C was their Advanced Threat Protection Test:
Unfortunately with less products tested.
 

Anthony Qian

The most interesting test from AV-C was their Advanced Threat Protection Test:
Unfortunately with less products tested.
AV Consumer Main-Test-Series vendors were given the opportunity to opt out of this test before the test started, which is why not all vendors are included in this test.